A private encryption key embedded into widely used mission-critical routers could be exploited by hackers to attack electric substations, railroad switches, and other critical infrastructure, security researchers have warned.

The flaw, uncovered in devices made by Siemens subsidiary RuggedCom of Ontario, Canada, is the second this year to affect its Rugged Operating System. The firmware runs mission-critical routers that have been used by the US Navy, petroleum giant Chevron, and the Wisconsin Department of Transportation to help administer industrial control systems and supervisory control and data acquisition systems, which flip switches, turn valves, and manipulate other machinery in industrial settings. Rugged OS is fluent in both the Modbus and DNP3 communications protocols used to natively administer such ICS and SCADA gear.

According to security researcher Justin W. Clarke, Rugged OS contains the same private key used to decrypt secure-sockets-layer communications sent by administrators who log into the devices. This allows attackers who may have compromised a host on the network to eavesdrop on sessions and retrieve user login credentials and other sensitive details. Plenty of small and home office routers also contain private SSL keys. What's different here is that RuggedCom devices, which are designed to withstand extreme dust, heat, and other harsh conditions, are connected to machinery that controls electrical substations, traffic control systems, and other critical infrastructure.

"This is fairly typical in cheap consumer-grade embedded products, and has the unfortunate effect that easy Man-In-The-Middle attacks can be performed against products," K. Reid Wightman, an industrial control systems security expert for Digital Bond, wrote in a blog post published Wednesday. "For example, any compromised host on the switch management network can be used to spoof affected RuggedCom switches, meaning that the bad guy or gal could capture legitimate usernames and passwords for the switch."

Some researchers say ICS and SCADA companies such as Siemens and RuggedCom aren't doing enough to make their products safe for the companies or governments that rely on them. The critics cite real-world attacks from malware such as Stuxnet and Flame, which burrowed into supposedly secured networks by exploiting a variety of vulnerabilities. While some flaws appeared relatively minor in isolation, they were enough to compromise the overall systems when targeted as a whole.

The US Industrial Control Systems Cyber Emergency Response Team has asked RuggedCom to confirm Clarke's findings and identify steps customers can take to reduce risks. The advisory also stated that "control system devices should not directly face the Internet," but that reminder is often ignored, as the image above suggests.

19 Reader Comments

All of this is going to fall on deaf ears for years to come until a catastrophe hits. At that point some geek in the MSNBC newsroom will let the big dick there know that Mr. Clarke had predicted this years ago. Mr. Clarke is offered a "Top Security Analyst" position at MSNBC, followed by a large congressional inquiry into how it happened with Mr. Clarke as chief expert. Congress will go on to publish an 800-page book three years later on how this could be prevented, Mr. Clarke will continue to do research, and on each anniversary the media will ask "could it happen again?"

The answer will be a resounding "yes", but nobody will in fact do anything because this will inevitably turn into a political election issue.

According to security researcher Justin W. Clarke, Rugged OS contains the private key used to decrypt secure-sockets-layer communications sent by administrators who log into the devices.

What the hell.

Quote:

Some researchers say ICS and SCADA companies such as Siemens and RuggedCom aren't doing enough to make their products safe for the companies or governments that rely on them.

Gee, you think? This is just such, such amateur hour stuff it's honestly mind blowing. Embedding a private key? Not just having a smart card slot for that stuff so each organization has control? What on Earth were they thinking? I really, really hope they get sued into the floor for this at some point, or at least lose business, because this sort of thing is ridiculous. Asymmetric crypto (Diffie, Hellman, et al.) dates from what, the mid-1970s? SSL itself was mid-90s, so approaching 20 years old now.

I'm not sure I understand why the fact that the device comes preloaded with a private key is the problem. The key has to be stored somewhere in order for the SSL connection to work, anyone with physical access to the device could potentially get that key. This is the same as all computers.

It would be a much bigger problem if all of the RuggedCom devices shared the *same* private key, since it would be easy to grab one of them off eBay and then be able to man-in-the-middle any RuggedCom device. However, the article doesn't even talk about this, which makes me wonder if that is the case.

Quote:

I'm not sure I understand why the fact that the device comes preloaded with a private key is the problem. The key has to be stored somewhere in order for the SSL connection to work, anyone with physical access to the device could potentially get that key. This is the same as all computers.

It would be a much bigger problem if all of the RuggedCom devices shared the *same* private key, since it would be easy to grab one of them off eBay and then be able to man-in-the-middle any RuggedCom device. However, the article doesn't even talk about this, which makes me wonder if that is the case.

That is the case:

"This time, Justin took a different track with the device firmware and showed that all products use the same SSL private key, hard-coded in the firmware."

So this article is incorrect then. The vulnerability is not that the Rugged OS contains the private key, which of course it must in order to do SSL. The real flaw, as reported elsewhere, is that the same private key is used by all Rugged OS devices.

Quote:

I'm not sure I understand why the fact that the device comes preloaded with a private key is the problem.

Because organizations should be supplying their own as part of their own PKI, so that the private key is never outside their control, they have the ability to change it arbitrarily as needed, and they can match security to their budgets. Anything else is stupid, lazy design that encourages stuff like:

willdude wrote:

"This time, Justin took a different track with the device firmware and showed that all products use the same SSL private key, hard-coded in the firmware."

Quote:

The key has to be stored somewhere in order for the SSL connection to work,

Hardened token/smartcard.

Quote:

anyone with physical access to the device could potentially get that key.

Hardened token/smartcard. Non-trivial to copy off (must disassemble it without tripping it/messing and causing the data to get destroyed, and then have a way to read the raw data off the chip), and it can't be done silently. Since it can't be done silently and is easy to swap, the organization can just invalidate it and regenerate.

Quote:

This is the same as all computers.

Where you should be using a hardened token/smartcard if it's a concern for the exact same reason.

Quote:

So this article is incorrect then. The vulnerability is not that the Rugged OS contains the private key, which of course it must in order to do SSL. The real flaw, as reported elsewhere, is that the same private key is used by all Rugged OS devices.

That makes sense.

No, this story is *not* incorrect. Lots of private keys are used over and over, as is the case with https://www.google.com/, https://www.nytimes.com/ and lots of other https-protected sites. The reason this key reuse is a problem here is that RuggedCom products embed that private key.

Yes, the article (which has now been updated) should have made clear that the same SSL private key is hard-coded into each device. But it's not incorrect.

That pretty much sums it up. We need benevolent aliens to save us from ourselves.

At the rate we're going, I'm not even sure they need to be benevolent.

I always wonder why critical infrastructure runs on general purpose OSes like Windows. Then, you get a case like this that makes me wonder why the hell you'd want to use proprietary OSes that rely on a small team to keep patched.

Quote:

No, this story is *not* incorrect. Lots of private keys are used over and over, as is the case with https://www.google.com/, https://www.nytimes.com/ and lots of other https-protected sites. The reason this key reuse is a problem here is that RuggedCom products embed that private key.

Yes, the article (which has now been updated) should have made clear that the same SSL private key is hard-coded into each device. But it's not incorrect.

It's not the mere fact that a private key is embedded -- Google and NYTimes probably have their private keys embedded on their web servers too. It's the fact that it was embedded in ALL of their products available to the public. You can't buy a web server that has Google's private key on it, after all.
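The article describes one SSL private key shipped in every unit's firmware, and the thread above draws the distinction between that and an organization reusing a key on servers it controls. The check an operator can actually run is to fingerprint the certificate each management interface presents and look for one fingerprint recurring across unrelated devices, or matching a certificate known to be the vendor default. The script below is an added example, not code from the article, from Digital Bond, or from RuggedCom; the device names, the PEM bodies and the "known vendor default" fingerprint are all constructed placeholders (the PEM payloads are not real X.509 structures, since only byte-level identity matters for a fingerprint comparison).

```python
"""Fleet-wide check for a shared TLS certificate across device management
interfaces.  Added example with constructed data; not the article's or the
vendor's code.
"""
import base64
import hashlib
import ssl
from collections import defaultdict


def _pem(body: bytes) -> str:
    """Wrap raw bytes as a PEM certificate block (constructed placeholder;
    a real inventory would hold the certificate each device actually serves)."""
    b64 = base64.b64encode(body).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"


# Constructed inventory: device name -> PEM certificate presented on the
# management interface.  Three devices still carry the same factory
# certificate; one has been re-issued by the operator's own PKI.
INVENTORY = {
    "substation-a-rtr": _pem(b"factory-default-cert-placeholder"),
    "substation-b-rtr": _pem(b"factory-default-cert-placeholder"),
    "yard-switch-1": _pem(b"factory-default-cert-placeholder"),
    "hq-core-rtr": _pem(b"operator-issued-cert-placeholder"),
}


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes of a PEM certificate, hex-encoded.
    ssl.PEM_cert_to_DER_cert strips the armor and base64-decodes the body."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def find_shared_certs(inventory: dict) -> dict:
    """Group devices by certificate fingerprint and return only the groups
    with more than one member.  Devices are visited in sorted order so the
    member lists are deterministic."""
    groups = defaultdict(list)
    for device, pem in sorted(inventory.items()):
        groups[cert_fingerprint(pem)].append(device)
    return {fp: devs for fp, devs in groups.items() if len(devs) > 1}


def find_known_default(inventory: dict, default_fingerprints: set) -> list:
    """Return devices whose certificate matches a fingerprint the operator has
    already identified as a vendor default (constructed set in this example)."""
    return sorted(
        device
        for device, pem in inventory.items()
        if cert_fingerprint(pem) in default_fingerprints
    )


if __name__ == "__main__":
    # Placeholder: in practice this fingerprint is learned by hashing the
    # certificate a freshly unboxed unit presents.
    known_default = {cert_fingerprint(_pem(b"factory-default-cert-placeholder"))}

    for fp, devices in find_shared_certs(INVENTORY).items():
        print(f"fingerprint {fp[:16]}... shared by: {', '.join(devices)}")
    print("still on vendor default:", find_known_default(INVENTORY, known_default))
```

Two devices sharing a fingerprint is only a lead, not a verdict: an organization that issued the same certificate to several of its own hosts (the google.com case raised in the thread) will trigger the same grouping, and the operator knows which fingerprints those are. A match against the known-default set is the unambiguous case the article is about, because that certificate's private key is also in every other customer's firmware image. A stricter variant would hash the SubjectPublicKeyInfo rather than the whole certificate, so that a vendor key re-wrapped in a re-signed certificate is still caught; that needs an X.509 parser and is left out here.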